From ietf-dane at dukhovni.org Tue Dec 15 02:21:36 2015
From: ietf-dane at dukhovni.org (Viktor Dukhovni)
Date: Tue, 15 Dec 2015 01:21:36 +0000
Subject: Let's Encrypt certificates for port 25 SMTP and DANE TLSA
In-Reply-To: <566F1F2F.6070704@eff.org>
References: <20151214192330.GF11836@mournblade.imrryr.org> <566F1F2F.6070704@eff.org>
Message-ID: <20151215012135.GN11836@mournblade.imrryr.org>

[ FYI, from postfix-users ]

> On Dec 14, 2015, at 2:57 PM, Jacob Hoffman-Andrews wrote:
>
> On 12/14/2015 11:23 AM, Viktor Dukhovni wrote:
>> May I ask for your help in providing configuration guidance to LE
>> users who also plan to publish DANE TLSA records.
>
> I'd be happy to help, but am a little constrained on time. If you've got
> time, would you mind posting a quick explanation at
> https://community.letsencrypt.org/c/server-config of why "3 0 1" records
> are risky with LE certificates, and the alternatives? I think the email
> below is a good start, and if you prefer not to create an account on our
> forums I could repost it with permission. I'll then pin the post for
> some time to make people see it.

Thanks.

https://community.letsencrypt.org/t/please-avoid-3-0-1-and-3-0-2-dane-tlsa-records-with-le-certificates/7022

--
Viktor.